Data protection laws: processes as the key to compliance

Notebook Buddy, a company specialized in selling and repairing laptops, is currently focusing on the implementation of the New Federal Act on Data Protection (nFADP). This law entails stricter requirements, which is why Notebook Buddy is reviewing its internal processes to adapt them to the new legal provisions. To achieve this goal, the company has decided to use the process collection carefully compiled by brix and HES-SO.

By using the repository, Notebook Buddy was able to avoid the tedious work of combing through extensive and demanding legal texts while developing clear guidelines for implementing the new data protection law. The processes in the repository emphasize the importance of compliance with the nFADP and the possible consequences of non-compliance.

Notebook Buddy found various processes in the process collection to prepare for the New Federal Act on Data Protection. These included a process for defining responsibilities. This helped Notebook Buddy to identify a person responsible for data protection who would also take care of implementation and coordination. The process recorded in the repository guided the responsible person through the most important steps.

According to the process descriptions, the person responsible for data protection began by identifying the relevant workflows in which personal data is processed. The data was then categorized, and additional security measures were defined for particularly sensitive data.

After identifying the various tasks, Notebook Buddy was able to utilize the checklist provided in the repository to verify compliance with all significant aspects of data protection and devise appropriate measures to address any outstanding issues. In addition, those responsible received information on potential data protection risks and corresponding procedural suggestions for dealing with outstanding issues.

Thanks to the repository, the collections of processes and checklists it contains, Notebook Buddy was able to adapt its data protection compliance to the new provisions of the Federal Act on Data Protection. Although data protection breaches can never be completely ruled out, they now know where they can obtain easily accessible recommendations for action in the event of such an incident. And so, Notebook Buddy can minimize or even prevent possible penalties in the data protection context.

Notebook Buddy not only received practice-oriented recommendations for action, but was also able to save considerable resources and costs by using the repository created by brix and the HES-SO to offer its customers a secure and data protection-compliant service.